b635c65cf3
Enable running the registry in a mode where authentication is required for pulling images. This could be useful in an environment where even an intermediate or buildset registry should require authentication to pull images. Or it could make this more useful as a general registry (that's not a priority use case for this project, but this doesn't add much complexity). If a "read" level user is specified, then we assume that anonymous read access should not be allowed. Change-Id: I1455a1031590ff0206a4b6da0d8c08093cf0e3cd
80 lines
1.9 KiB
YAML
80 lines
1.9 KiB
YAML
# This installs docker and runs a buildset registry
|
|
- hosts: all
|
|
roles:
|
|
- build-docker-image
|
|
|
|
- hosts: all
|
|
name: Set up for tests
|
|
vars:
|
|
tasks:
|
|
# Set facts here to apply to all plays below
|
|
- name: Set variables for all tests
|
|
set_fact:
|
|
workspace: /tmp/registry-test
|
|
local: false
|
|
- name: Add project atomic PPA
|
|
apt_repository:
|
|
repo: ppa:projectatomic/ppa
|
|
become: true
|
|
- name: Install packages
|
|
package:
|
|
name:
|
|
- docker-compose
|
|
- openssl
|
|
- skopeo
|
|
- buildah
|
|
- podman
|
|
state: present
|
|
become: true
|
|
- name: Run setup tasks
|
|
include_tasks: setup.yaml
|
|
|
|
- hosts: all
|
|
name: Run docker standard registry test
|
|
tasks:
|
|
- name: Run docker test tasks
|
|
include_tasks: docker.yaml
|
|
|
|
- hosts: all
|
|
name: Run restricted buildset registry test
|
|
tasks:
|
|
- name: Run restricted buildset test tasks
|
|
include_tasks: restricted.yaml
|
|
|
|
- hosts: all
|
|
name: Run podman standard registry test
|
|
tasks:
|
|
- name: Run podman test tasks
|
|
include_tasks: podman.yaml
|
|
|
|
- hosts: all
|
|
name: Run docker buildset registry test
|
|
tasks:
|
|
- name: Run docker buildset test tasks
|
|
include_tasks: docker-buildset.yaml
|
|
|
|
- hosts: all
|
|
name: Run podman buildset registry test
|
|
tasks:
|
|
- name: Run podman buildset test tasks
|
|
include_tasks: podman-buildset.yaml
|
|
|
|
- hosts: all
|
|
name: Clean up after tests
|
|
tasks:
|
|
- name: Run cleanup tasks
|
|
include_tasks: cleanup.yaml
|
|
|
|
# If buildset_registry is defined, that means a parent job is running it;
|
|
# only if it is not defined does it mean that we are running it. If we
|
|
# are running it, pause the job so that child jobs will automatically
|
|
# use it.
|
|
- hosts: localhost
|
|
tasks:
|
|
- name: Pause the job
|
|
when: buildset_registry is not defined
|
|
zuul_return:
|
|
data:
|
|
zuul:
|
|
pause: true
|